RE: Issues-list item "CACHING-CGI" from Vinod Valloppillil on 1997-04-16 (ietf-http-wg@w3.org from April to June 1997)

From: Vinod Valloppillil <vinodv@microsoft.com>
Date: Wed, 16 Apr 1997 13:27:09 -0700
To: Ari Luotonen <luotonen@netscape.com>, mogul@pa.dec.com
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <E06360A02932CF118DA700805F14932703F21DD8@RED-72-MSG.dns.microsoft.com>

Sorry to randomize y'all a bit but,

Microsoft Proxy Server v1 caches objects that don't have LM.   

Over the course of the billions of objects we've proxied, we've found
that all objects that generate dynamic output (as well as all authoring
tools that generate dynamic HTML) have some other directive (e.g.
immediate expires; cache-control:private, etc.) that indicate the
non-cacheability of the object.


	-----Original Message-----
	From:	Ari Luotonen [SMTP:luotonen@netscape.com]
	Sent:	Tuesday, April 15, 1997 6:41 PM
	To:	mogul@pa.dec.com
	Cc:	http-wg@cuckoo.hpl.hp.com
	Subject:	Re: Issues-list item "CACHING-CGI"


	> I propose adding this to the end of section 13.9:
	> 
	> 	Note that some HTTP/1.0 cache operators have found that
it is
	> 	dangerous to cache responses to requests for URLs
including the
	> 	string "cgi-bin".  HTTP/1.1 caches should follow this
practice
	> 	for responses that do not include an explicit expiration
time.
	> 	HTTP/1.1 origin servers that want to allow caching of
responses
	> 	for URLs including "?" or "cgi-bin" SHOULD include an
explicit
	> 	expiration time.  Explicit expiration times may be
specified
	> 	using Expires, or the max-age directive of
Cache-Control, or
	> 	both.
	> 
	> -Jeff
	> 
	> P.S.: I base the first sentence in the note on the sample
configuration
	> file distributed with a recent version of the Squid cache
software.
	> If this is actually contrary to normal practice, someone
should say so.

	Actually, the simple #1 rule for caching/non-caching of all time
is:

		NEVER cache an HTTP/1.0 response that does not carry a
		Last-modified: header.

	This supercedes any heuristics based on URLs containing strings
like
	"cgi-bin", ".cgi" or "htbin".  It's also intuitive: if a
response
	doesn't content L-M it implies that it probably didn't exist in
this
	form before I asked for it, and probably won't exist in this
form
	after so it's not worth caching.

	This rule is strictly obeyed by both CERN and Netscape Proxies.
	Specific proxy applications that know their data source
intimately may
	break this rule.  This assumes that the freshness of documents
is
	guaranteed by configuration, not by the protocol.

	I've always strongly encouraged that both Last-modified: and
Expires:
	be sent out from CGI's whose result is produced from data that
has a
	specific last modification time, and will have a certain
specific
	modification time in the future (e.g. a database that is
synchronized
	at every midnight, but during the 24 hour period in between the
	response would be unchanged for the same request).

	Cheers,
	--
	Ari Luotonen, Mail-Stop MV-061		Opinions my own, not
Netscape's.
	Netscape Communications Corp.		ari@netscape.com
	501 East Middlefield Road
http://home.netscape.com/people/ari/
	Mountain View, CA 94043, USA		Netscape Proxy Server
Development

Received on Wednesday, 16 April 1997 14:46:12 UTC